The present invention relates generally to network access and more particularly to a method and system to differentiate network access for different classes of users.
It is becoming increasingly important to differentiate network access for different classes of users, in particular different classes of wireless LAN users. One proposal for providing differentiated network access and services is that Access Points should implement a method wherein a Remote Authentication Dial-In User Server (RADIUS server) explicitly assigns an 802.11 station to a Virtual LAN identifier (VLAN ID) by returning a VLAN ID attribute in the RADIUS record for the station. Such RADIUS based VLAN assignment has limited scope and severely restricts mobility. A large or campus network may contain multiple VLANs that provide equivalent services. For example, a campus network may contain multiple Voice VLANS. If a RADIUS server explicitly assigns an 802.11 Voice over IP (VoIP) phone to a voice VLAN, then the phone is limited to a single voice VLAN, for example the phone may be limited to a VLAN on a single floor in a single building. The only method for segregating users is “VLAN trunking”; therefore, the proposal is generally limited to network areas with a VLAN infrastructure. Thus there exists a need for a method and system wherein multiple parameters can be grouped into a Service Set, which is controlled by a single RADIUS attribute that is not limited to a VLAN ID assignment.
For the purposes of describing the present invention, an “authorized WSTA” is any station that is explicitly authorized to access the network via a security server, and a “guest WSTA” is not explicitly authorized to access the network. A RADIUS server is used as an example security server in describing the present invention, but as those skilled in the art can readily appreciate the concepts of the present invention apply with any security server.
It should be noted that a “Service Set” as defined herein is not the same as an 802.11 Extended Service Set (ESS).
Additional objects, advantages and novel features of the invention will be set forth in part in the description which follows, and in part will become apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention. The objects and advantages of the invention may be realized and attained by means of instrumentalities and combinations particularly pointed out in the appended claims.